CVE-2023-6353— Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-6353
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tyler Technologies Civil and Criminal Electronic Filing Upload.aspx allows authentication bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
Tyler Technologies Civil and Criminal Electronic Filing allows an unauthenticated, remote attacker to upload, delete, and view files by manipulating the Upload.aspx 'enky' parameter.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tyler Technologies Civil and Criminal Electronic Filing 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tyler Technologies Civil and Criminal Electronic Filing是Tyler Technologies公司的用于刑事和民事案件的电子归档系统。 Tyler Technologies Civil and Criminal Electronic Filing存在安全漏洞。远程攻击者利用该漏洞通过操纵Upload.aspx的enky参数来上传、删除和查看文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Tyler Technologies | Civil and Criminal Electronic Filing | 0 | - |
II. Public POCs for CVE-2023-6353
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-6353
请登录查看更多情报信息。
- https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systemsthird-party-advisorygovernment-resource
- https://nvd.nist.gov/vuln/detail/CVE-2023-6353
Same Patch Batch · Tyler Technologies · 2023-11-30 · 6 CVEs total
| CVE-2023-6342 | 5.3 MEDIUM | Tyler Technologies Court Case Management Plus "pay for print" allows authentication bypass |
| CVE-2023-6343 | 5.3 MEDIUM | Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server tssp.aspx allo |
| CVE-2023-6344 | 5.3 MEDIUM | Tyler Technologies Court Case Management Plus use of Aquaforest TIFF Server te003.aspx and |
| CVE-2023-6354 | 5.3 MEDIUM | Tyler Technologies Magistrate Court Case Management Plus PDFViewer.aspx allows authenticat |
| CVE-2023-6375 | 5.3 MEDIUM | Tyler Technologies Magistrate Court Case Management Plus stores backups insecurely |
IV. Related Vulnerabilities
Same vendor: Tyler Technologies
- CVE-2025-55077
Tyler Technologies ERP Pro 9 SaaS application escape - CVE-2023-6375
Tyler Technologies Magistrate Court Case Management Plus sto - CVE-2023-6354
Tyler Technologies Magistrate Court Case Management Plus PDF - CVE-2023-6344
Tyler Technologies Court Case Management Plus use of Aquafor - CVE-2023-6343
Tyler Technologies Court Case Management Plus use of Aquafor
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2023-6353
No comments yet